AWARD WINNER: Dangerous mail – protected addresses revealed with GPS transmitters

Every year, over half a million letters and packages are sent through the Agency’s intermediary service – to people who live with protected personal data. The idea is that no one should be able to know where the person lives.

Caliber tests security – and shows how the authority that is supposed to protect instead becomes a way for the repository to get in touch with and find its victim.

Shipped gps transmitter

Those who live with protected personal data receive their mail via the Swedish Tax Agency’s mediation mission. It was through this postal service that Kaliber, using three GPS transmitters, found the addresses of the three protected women. They attended and passed the test. They are critical of the Swedish Tax Agency. But it is not the first time that protected persons have been found with mail sent through the Swedish Tax Agency.

Kaliber’s review shows that two verdicts have been handed down in the last five years, where the man from whom the woman is supposed to be protected found her by sending GPS transmitters in this way.

The Tax Agency responds

Peter Sävje, head of the national registration department at the Swedish Tax Agency, says, among other things, the following in the program:

– After all, these are about our security routines and I don’t want to comment on that.

How do you view this data?

– Yes, of course it is extremely serious. From our perspective, there are conflicts in this. There are, there are rules about what we can and cannot do. And in some sense, you can see that there are difficulties in combining, for example, the wishes of people with protection to live as normal a life as possible, and precisely this with ensuring that you are not exposed. It is, after all, a conflict of two conflicting interests in some sense.

Would you say that technology development has sprung from security routines?

– Again I do not want to comment on our security arrangements.

Is it something that could lead to changing or updating the security procedures?

– We are of course aware of this risk. Obvious. So on that point, I don’t see that this data prompts any other handling on our part.






Related Posts